42 matches found
CVE-2019-13539 Medtronic Valleylab FT10 and FX8 Reversible One-way Hash
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform VLFT10GEN software version 4.0.0 and below, and Valleylab FX8 Energy Platform VLFX8GEN software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...
CVE-2019-13539
CVE-2019-13539 affects Medtronic Valleylab FT10 and FX8 platforms (Exchange Client v3.4 and below; FT10 v4.0.0 and below; FX8 v1.1.0 and below) due to the use of the descrypt OS password hashing (CWE-328). The issue enables an attacker who can access the device to obtain local shell access and re...
CVE-2019-1010163
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependant upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...
Buffer overflow
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependant upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...
CVE-2019-1010163
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation dependant upon conditions, shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is...
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
Cisco Enterprise NFV Infrastructure Software is a lightweight virtualization platform that integrates complete VM lifecycle management, monitoring, device programmability, and service chaining in one installable package. A command injection vulnerability exists in Cisco Enterprise NFV...
Cisco Enterprise NFV Infrastructure Software Command Injection Vulnerability
A vulnerability in Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system OS of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...
CVE-2018-10905
CloudForms Management Engine cfme is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...
Design/Logic Flaw
CloudForms Management Engine cfme is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...
CVE-2018-10905
CloudForms Management Engine cfme is vulnerable to an improper security setting in the dRuby component of CloudForms. An attacker with access to an unprivileged local shell could use this flaw to execute commands as a high privileged user...
Local Privilege Escalation
Palo Alto Networks firewalls do not properly validate certain environment variables which can potentially allow executing code with higher privileges Ref PAN-61104/100499/CVE-2016-9151 A potential attacker with local shell access could manipulate arbitrary environment variables which could result...
CVE-2016-1435
Cisco 8800 phones with software 11.01 do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014...
Multiple Cisco IP Phones Firmware Image Upload Vulnerability
A vulnerability in the TFTP implementation of the Cisco Small Business SPA30X and SPA50X IP Phones could allow an unauthenticated, local attacker to load arbitrary firmware images onto the affected device. The vulnerability is due to insufficient file integrity checks of the firmware image. An...
SOL17049 - PHP vulnerability CVE-2015-4598
Important: Although the software of the affected F5 products contains the vulnerable code, the affected F5 products do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local shell access to the affected F5 products, to trigger ...
Webiz 2004 - Local Shell Upload Vulnerability
No description provided by source. Exploit Title: Webiz local SHELL Upload Vulnerability Date: 23-05-2010 Author: kannibal615 Software Link: N/A Version: 2004 Tested on: PHP CVE : N/A Code : @@ @@ @@@@@@ @@ @@ @@@@ @@@@@@@ @@ @@ @@@@@@@ @@@@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@@...
Data/File upload and management Arbitrary File Upload Vulnerability
No description provided by source. : Exploit Title: Data/File upload and management local shell upload : : Date: 14/10/2010 : : Author: saudi0hacker : : Software Link: http://resellscripts.info/index.php?route=product/product&productid=137 : : Version: All version : : Tested on: linux b0x : :...
Debian Security Advisory DSA 197-1 (courier)
The remote host is missing an update to courier announced via advisory DSA 197-1. OpenVAS Vulnerability Test $Id: deb1971.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 197-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
VisualBoyAdvanced 1.7.x - Non SUID Local Shell
/ VisualBoyAdvanced 1.7.x BufferOver Flow exploit VBA - WEBSITE : vba.ngemu.com Found & coded by Qnix - Qnixatbsdmaildotorg / include char shellcode = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" / setuid / "\xeb\x5a\x5e\x31\xc0\x88\x46\x07\x31\xc0\x31\xdb\xb0\x27\xcd"...
VisualBoyAdvanced 1.7.x - Non SUID Local Shell
VisualBoyAdvanced 1.7.x - Non SUID Local Shell / VisualBoyAdvanced 1.7.x BufferOver Flow exploit VBA - WEBSITE : vba.ngemu.com Found & coded by Qnix - Qnixatbsdmaildotorg / include char shellcode = "\x31\xc0\x31\xdb\xb0\x17\xcd\x80" / setuid /...
[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure
-------------------------------------------------------------------------- Debian Security Advisory DSA 197-1 [email protected] http://www.debian.org/security/ Martin Schulze November 15th, 2002 http://www.debian.org/security/faq -...